Skip to main content
Skip table of contents

The Windows Client Installation Package


The installation package consists of two components:

 The signed EkranSystemClient.exe installation file.

NOTE: For SaaS deployments, instead of the EkranSystemClient.exe file, the EkranSystemClient.msi type file is used.

The EkranSystemClient.ini text configuration file that contains the Application Server address to which the Client will connect, as well as the Client configuration.


The table below lists most of the Windows Client installation parameters. If any parameter except RemoteHost is absent or invalid, its value will be set to the default.

Parameter

Description

Default Value

Server Name / IP Address

RemoteHost

The name or IP address of the computer on which the Application Server is installed. This parameter may contain multiple names and IP addresses, separated by commas or semicolons.

NOTE: The Application Server IP address has to be static for Clients to connect to it successfully. Unique external IP addresses should be used for cloud-based Application Servers.

No

RemotePort

The Ekran System Application Server port via which the Clients connect to the Application Server.

9447

Frequency Settings for User Activity Recording

EnableActivity

Recording user activity and screen captures when the active window is changed (1 = enabled; 0 = disabled).

Enabled

EnableWndNmChanges

Recording user activity and screen captures when the window name is changed (1 = enabled; 0 = disabled).

Enabled

EnableKBandMouse

Recording user activity and screen captures on clicking and key pressing (1 = enabled; 0 = disabled).

Enabled

EnableTimer

Recording user activity and screen captures with a certain time interval (1 = enabled; 0 = disabled).

Disabled

Timer

The time interval for recording user activity and screen captures in seconds. This period cannot be less than 30 seconds. This parameter is required if the EnableTimer parameter is set.

30

Screen Capture Settings

EnableScreenshotCreation

Recording screen captures along with user activity (1 = enabled; 0 = disabled).

Enabled

EnableCaptureActiveWindowOnly

Screen captures and metadata recorded will contain information on the active window only (1 = enabled; 0 = disabled).

Disabled

ColorDepth

The colour scheme used for recording screen captures (7 = 4 bits (grayscale), 8 = 8 bits, 16 = 24 bits).

7 (4 bits (grayscale))

Monitoring Parameters

EnableClipboardMon

Logging of copy and paste operations (1 = enabled; 0 = disabled).

Enabled

EnableSystemIdleDetect

System idle event detection (1 = enabled; 0 = disabled).

Enabled

EnableIdleForceTimeout

Registering an idle event when the user is inactive (1 = forced idle event timeout is enabled; 0 = disabled).

Enabled

IdleForceTimeout

The time interval when the user is inactive. This period cannot be less than 5 minutes.

15

EnableSwiftUsernameMonitoring

Logging of user names used to log in to the SWIFT network (1 = enabled; 0 = disabled).

NOTE: This parameter works only if EnableScreenshotCreation=1.

Disabled

Keystroke Monitoring Parameters

EnableKeystrokes

Logging of keystrokes (1 = enabled; 0 = disabled).

Enabled

StartSessionOnKeyword

Starting monitoring on detection of a suspicious keyword in keystrokes (1 = enabled; 0 = disabled).

Disabled

Keywords

The list of keywords which if typed triggers a session to start, separated by commas (e.g. “drugs”,“medicine”). Keywords are combined with OR logic; the LIKE operator is applied to the keywords typed (if “drug” is written, then “drugstore” will trigger a session to start).

Empty

KeystrokeFiltering

Keystroke filtering during monitoring. If the value is “disabled”, keystroke filtering is disabled and all applications are monitored. If the value is “include”, keystroke filtering is enabled in Include mode, and only applications listed in KeystrokeFilteringAppNames or KeystrokeFilteringAppTitles are monitored. If the value is “exclude”, keystroke filtering is enabled in Exclude mode, and only applications not listed in KeystrokeFilteringAppNames or KeystrokeFilteringAppTitles are monitored.

Disabled

KeystrokeFilteringAppNames

The list of application names, separated by commas (e.g. “word.exe”,“skype.exe”). Names are combined with OR logic; the LIKE operator is applied to names (e.g. if “word.exe” is written then winword.exe will be monitored).

Empty

KeystrokeFilteringAppTitles

The list of application activity titles, separated by commas (e.g. “Facebook”,“Google”). Names are combined with OR logic; the LIKE operator is applied to the application activity titles (if “Facebook” is written, then Facebook messages will be monitored).

Empty

Log Files

MonLogging

The creation of monitoring logs on the Client computer. If the value is 0, the creation of monitoring logs is disabled; if the value is 1, a monitoring text log will be created in the LogPath location.

Disabled

LogPath

The path to the location of the monitoring log files. Using environment variables (%appdata%, %temp%, etc.) is allowed.

C:\ProgramData\Ekran System\MonLogs

EventLoggingEnabled

Logging of Ekran System events, such as errors, warnings, and informational messages to the Windows Event Log (1 = enabled; 0 = disabled).

Disabled

LogLevelThreshold

The severity level of the log entries to be saved to the Windows Event log. If the value is 0, only log entries at the Error level are written; if the value is 1, log entries at Error and Warning levels are written; if the value is 2, log entries at Error, Warning, and Information levels are written.

NOTE: This parameter works only if EventLoggingEnabled=1.

Disabled

URL Monitoring

URLMonitoring

Monitoring of URLs (1 = enabled; 0 = disabled).

Enabled

MonitorTopDomain

Monitoring of top and second-level domain names (1 = enabled; 0 = disabled).

NOTE: This parameter works only if URLMonitoring=1.

Enabled

Application Filtering

FilterState

Application filtering during monitoring. If the value is “disabled”, application filtering is disabled and all applications are monitored. If the value is “include”, application filtering is enabled in Include mode, and only applications listed in FilterAppName or FilterAppTitle are monitored. If the value is “exclude”, application filtering is enabled in Exclude mode, and only applications not listed in FilterAppName or FilterAppTitle are monitored.

Disabled

FilterAppName

The list of application names, separated by commas (e.g. “word.exe”,“skype.exe”). Names are combined with OR logic; the LIKE operator is applied to names (e.g. if “word.exe” is written then winword.exe will be monitored).

Empty

FilterAppTitle

The list of application activity titles, separated by commas (e.g. “Facebook”,“Google”). Names are combined with OR logic; the LIKE operator is applied to the application activity titles (if “Facebook” is written, then “Facebookmessages” will be monitored).

Empty

User Filtering

UserFilterState

User filtering during monitoring. If the value is “disabled”, the activity of all users is monitored. If the value is “include”, user filtering is enabled in Include mode, and only the activity of users listed in UserFilterNames is monitored. If the value is “exclude”, application filtering is enabled in Exclude mode, and only the activity of users not listed in UserFilterNames is monitored.

Disabled

UserFilterNames

A list of user names, separated by semicolons (e.g. work\jane;work\john). Names are combined with OR logic. Using an asterisk (*) as a name/domain wildcard is allowed (e.g. *\administrator or *\admin*).

Empty

Additional Options

EnableProtectedMode

The mode of Client operation (1 = Protected mode is enabled; 0 = disabled).

Disabled

UpdateAutomatically

Client Update mode. If the value is 1, automatic Client update is enabled; if the value is 0, it is disabled and the Client requires a manual update.

Enabled

DisplayClientIcon

Displaying of the Client tray icon. If the value is 1, the Client tray icon is displayed; if the value is 0, it is hidden.

Disabled

JumpServerMode

Jump Server mode. If the value is 1, Jump Server mode is enabled; if the value is 0, it is disabled.

Disabled

OfflineClientDetection

Notification about Clients being offline for more than a specified time period (i.e. "disconnected"). If the value is 1, offline Client detection is enabled; if the value is 0, it is disabled.

Disabled

OfflineClientDetectionInterval

The time period after which the Client will be considered as "disconnected".

01d00h00m

OfflineClientNotificationEmail

The list of email addresses to which notifications will be sent, separated by semicolons.

Empty


Monitoring Time Filtering

MonitorTimeFilterState

Filtering the time of recording user activity. If the value is “disabled”, user activity is recorded 24/7. If the value is “include”, user activity is recorded only on days defined in MonitoringDays and only during hours defined in MonitoringHours. If the value is “exclude”, user activity is not recorded on days defined in MonitoringDays and during hours defined in MonitoringHours.

Disabled

MonitoringDays

The days of the week during which the Client will or will not record users' activity. The days of the week are combined by OR logic.

Mon, Tue, Wed, Thu, Fri

MonitoringHours

The hours during which the Client will or will not record users' activity.

8:00 – 18:00

Remote Host IP Filtering

IPFilterState

Remote host IP filtering during monitoring. If the value is “disabled”, remote sessions from all IP addresses are monitored. If the value is “includePublic”, remote host IP filtering is enabled in Include mode, and only remote sessions from public IP addresses listed in IPFilterAddresses are monitored. If the value is “excludePublic”, remote host IP filtering is enabled in Exclude mode, and only remote sessions from public IP addresses not listed in IPFilterAddresses are monitored. If the value is “includePrivate”, remote host IP filtering is enabled in Include mode, and only remote sessions from private IP addresses listed in IPFilterAddresses are monitored. If the value is “excludePrivate”, remote host IP filtering is enabled in Exclude mode, and only remote sessions from private IP addresses not listed in IPFilterAddresses are monitored.

Disabled

IPFilterValue

The list of IP addresses, separated by commas (e.g. 10.100.0.1,10.100.0.2). IP addresses are combined with OR logic. Using an asterisk (*) as a wildcard is allowed (e.g. 10.200.*.*).

Empty

Authentication Options

NotificationMessage

The message that is displayed when a user logs in to the system.

Disabled

EnableNotificationComment

An additional option that requires the user to comment on an additional message displayed when logging in to the system (1 = enabled; 0 = disabled).

Disabled

RequireTicketNumber

An additional option that requires the user to enter a valid ticket number from an integrated ticketing system to start working with the Client computer (1 = enabled; 0 = disabled).

Disabled

Two-Factor and Secondary Authentication

EnableForcedAuth

Additional identification of users that log in to the Client with the server operating system installed on it (1 = enabled; 0 = disabled).

Disabled

EnableOneTimePassword

An additional option that allows the user to request a one-time password to get temporary access (1 = enabled; 0 = disabled).

Disabled

EnableTwoFactorAuth

An option that requires the user to enter a time-based one-time password to log in (1 = enabled; 0 = disabled).

Disabled

Advanced Options

InstallDir

The path to the Client installation folder. Using environment variables (%appdata%, %temp%, etc.) is allowed.

%ProgramFiles%\Ekran System\Ekran System

LocalCacheLimit

The size of the Client offline data cache in MB.

500

TenantKey

A unique identifier used by Clients to detect the tenant they belong to.

NOTE: In Multi-Tenant mode, the tenant key of each tenant is displayed in the Management Tool (on the Tenant Management page).

<Key value> of the built-in default tenant.



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.